StrongSwan IPsec Vulnerability Allowing Remote Code Execution

strongSwan 5.9.10 has been released. strongSwan is a free VPN suite based on the IPsec protocol and used on Linux, Android, FreeBSD and macOS. The new version fixes a dangerous vulnerability (CVE-2023-26463) that can be used to bypass authentication and can potentially lead to execution of attacker-supplied code on the server or the client. The issue occurs when verifying specially crafted certificates in TLS-based EAP (Extensible Authentication Protocol) authentication methods.

The vulnerability is caused by the TLS handler incorrectly accepting public keys from a peer's certificate and treating them as trustworthy even when the certificate cannot be successfully verified. Specifically, the tls_find_public_key() function uses the public key type to decide which certificates to look up as trusted. The problem is that the variable holding the key type for that lookup is set regardless of whether the certificate is actually trusted.

Moreover, by manipulating the key it is possible to decrement the reference counter (if the certificate is not trusted, the reference to the object is released after the key type has been determined) and free the memory of the key object while it is still in use. The flaw does not rule out exploits that leak memory contents or execute attacker-supplied code.
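The two paragraphs above describe a reference-counting defect: the key type (and the key) is recorded before trust is decided, and the reference is dropped when the certificate turns out to be untrusted, leaving a dangling object behind. The following C program is an added, constructed model of that bug class; it is not strongSwan's code, and its type names, the `select_peer_key_*` functions, the `trusted` flag standing in for chain validation, and the `freed` flag standing in for an actual `free()` are all assumptions made so the lifetime problem can be observed safely. The vulnerable selection routine is shown beside the corrected one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the CVE-2023-26463 bug class, not strongSwan's code:
 * names and structures are simplified stand-ins for the real
 * tls_find_public_key() path described in the article. */

typedef enum { KEY_NONE = 0, KEY_RSA = 1, KEY_ECDSA = 2 } key_type_t;

/* Reference-counted public key. Dropping the last reference sets 'freed'
 * instead of returning memory, so a later access is observable in a test
 * rather than undefined behaviour. */
typedef struct {
    key_type_t type;
    int refcount;
    bool freed;
} public_key_t;

/* Peer certificate from the TLS Certificate message. 'trusted' models the
 * outcome of chain validation against the configured CA; a self-signed
 * certificate sent by the peer is not trusted. */
typedef struct {
    public_key_t *key;
    bool trusted;
} peer_cert_t;

/* Handshake state that later verifies the peer's signature with peer_key. */
typedef struct {
    public_key_t *peer_key;
    key_type_t lookup_type;
} handshake_t;

static void key_ref(public_key_t *k) { k->refcount++; }

static void key_unref(public_key_t *k)
{
    if (--k->refcount == 0) {
        k->freed = true;              /* real code would free() here */
    }
}

/* Vulnerable pattern: key type and key pointer are handed to the handshake
 * before trust is established; for an untrusted certificate the reference
 * taken for the lookup is released, but the pointer and type stay behind. */
static bool select_peer_key_vulnerable(handshake_t *hs, peer_cert_t *cert)
{
    public_key_t *key = cert->key;
    key_ref(key);
    hs->lookup_type = key->type;      /* set regardless of trust */
    hs->peer_key = key;               /* stored regardless of trust */
    if (!cert->trusted) {
        key_unref(key);               /* reference dropped, pointer left in place */
    }
    return true;                      /* caller proceeds either way */
}

/* Fixed pattern: trust is decided first; an untrusted certificate leaves no
 * key type and no key pointer in the handshake state, so it cannot continue. */
static bool select_peer_key_fixed(handshake_t *hs, peer_cert_t *cert)
{
    if (!cert->trusted) {
        hs->lookup_type = KEY_NONE;
        hs->peer_key = NULL;
        return false;
    }
    key_ref(cert->key);               /* handshake now owns its own reference */
    hs->lookup_type = cert->key->type;
    hs->peer_key = cert->key;
    return true;
}

/* Signature check that would use peer_key: 0 = live key present,
 * -1 = handshake correctly has no key, -2 = about to touch a key whose
 * last reference was already dropped (the use-after-free in real code). */
static int verify_peer_signature(const handshake_t *hs)
{
    if (hs->peer_key == NULL) return -1;
    if (hs->peer_key->freed) return -2;
    return 0;
}

/* One handshake: receive the Certificate message, select the key, discard the
 * message (dropping the certificate's own key reference), then verify. */
static int run_handshake(bool use_fixed, bool trusted, key_type_t *type_out)
{
    public_key_t key = { KEY_RSA, 1, false };   /* one reference held by the cert */
    peer_cert_t cert = { &key, trusted };
    handshake_t hs = { NULL, KEY_NONE };

    if (use_fixed) select_peer_key_fixed(&hs, &cert);
    else           select_peer_key_vulnerable(&hs, &cert);

    key_unref(cert.key);              /* Certificate message processed and destroyed */
    *type_out = hs.lookup_type;
    int rc = verify_peer_signature(&hs);
    if (hs.peer_key && !hs.peer_key->freed) key_unref(hs.peer_key); /* release handshake's ref */
    return rc;
}

static int handshake_code(bool use_fixed, bool trusted)
{ key_type_t t; return run_handshake(use_fixed, trusted, &t); }

static key_type_t handshake_key_type(bool use_fixed, bool trusted)
{ key_type_t t; run_handshake(use_fixed, trusted, &t); return t; }

int main(void)
{
    printf("vulnerable, self-signed peer cert: rc=%d type=%d\n",
           handshake_code(false, false), handshake_key_type(false, false));
    printf("fixed, self-signed peer cert:      rc=%d type=%d\n",
           handshake_code(true, false), handshake_key_type(true, false));
    printf("fixed, trusted peer cert:          rc=%d type=%d\n",
           handshake_code(true, true), handshake_key_type(true, true));
    return 0;
}
```

With an untrusted (self-signed) certificate the vulnerable path reports `rc=-2` and still carries `KEY_RSA` as the lookup type, which is the state the article describes: the key type was recorded, the reference was released, and the handshake goes on to use the object. The fixed path reports `rc=-1` with `KEY_NONE`, so the handshake has nothing to continue with and must reject the peer. For a trusted certificate both paths return `0`.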

An attack on a server is carried out by a client sending a self-signed certificate for client authentication with the EAP-TLS, EAP-TTLS, EAP-PEAP or EAP-TNC methods. An attack on a client can be carried out by a server returning a specially crafted certificate. The vulnerability is present in strongSwan releases 5.9.8 and 5.9.9. The availability of package updates in distributions can be tracked on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD, NetBSD.

Source: opennet.ru
